-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 16.02.15 4:40, James Beecham пишет: > Hi Yuri, > > Thank you. > > Are these HTTPS CONNECT requests coming over port 80? If not would > I need It depends. In different configurations uses different ports. In transparent interception mode your absolutely need separate ports for HTTP/HTTPS. In forwarding mode you cah use one port, but with SSL parameters. Transparent interception Squid generates error in cache.log if HTTP passes over HTTPS port and vice versa. This is a bit problem in current used versions, but it promised to fix in a future release. ;) > to make a rule to forward 443 to another Squid port configured to > ssl_bump? > > James > > On Sun, Feb 15, 2015 at 2:37 PM, Yuri Voinov <yvoinov@xxxxxxxxx> > wrote: > > http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit > > 16.02.15 4:02, James Beecham пишет: >>>> Hello, >>>> >>>> Thank you to everyone who works on this great project! I have >>>> been using Squid as an intercept for a while now and am very >>>> happy. >>>> >>>> I have a high level question regarding SSL_Bump. >>>> >>>> My company recently switched to using SSL for our web >>>> services, which requires me to make some changes to the way >>>> that we use Squid. >>>> >>>> I have a need to place a header value into requests coming to >>>> our own domain (ex. https://www.myhost.com) for proper usage. >>>> Before using SSL I was using request_header_add without any >>>> issues and getting perfect performance. Now with SSL I still >>>> need to get a header value into the requests to our domain. >>>> >>>> I do not wish to bump/inspect all traffic over 443, I only >>>> wish to add a header to request to my own domain. Since I am >>>> the domain admin I have access to the certs from the CA. I >>>> understand how acls work and am not concerned about setting >>>> this up. >>>> >>>> I would like to know what you all think about using our >>>> domains actual certs (www.myhost.com) to bump only that >>>> domain and add the header field that I need. Will this allow >>>> me to modify the header without the client knowing or their >>>> browser telling them about man in the middle? My knowledge of >>>> SSL/TLS is low but growing everyday. >>>> >>>> Thank you for your attention and please ask more questions if >>>> my situation is not clear.' >>>> >>>> James >>>> >>>> >>>> >>>> _______________________________________________ squid-users >>>> mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx >>>> http://lists.squid-cache.org/listinfo/squid-users >>>> >> _______________________________________________ squid-users >> mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU4SHRAAoJENNXIZxhPexGjcQH/AwTPjGd5OLW9yEz82AKPjkm mXVvdZymFYjB63jH485jaSilgbZLMKbV7MoEPf1qy/AZ3UlhqxKwyneLh0a2WhgK kzmKGzrc3O+KkNliGWKxRnnShEJHXQYf6YgO+vq7qsAjS/QIBd4yEkvw4Kmt2QTi 2ooRJiSRMjh+69jzKL4LopRJq+fGzdw9NgiRXU9/G3l8LJy0szINjyplHm08rZTq 9IiQumwJSdoSPFOUBP0/lcDaZo74QUEwhXv0+igST8Dki5wcT0Qu0GCL0faw2RN6 W912Qfe/pUtWCo+sVsro8kDQhGdvwGObICeH3GgeK98mQ3WkKOYvlhODQHbYYlk= =4Gjy -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
